SECURITY

Upload and stream with confidence

Your work is always safe with Spotterfish. Blockbuster production budgets can outgrow the GDP of a small country (well… almost), and entrusting a project of that size to an online collaboration service, certain that it will be visible only to the right people, requires a security apparatus worthy of the task.

And that’s exactly what we can offer. Spotterfish was designed to keep your project safe at all times and to make sure only your intended team members get access to your material.

Cloud Security:

  • All files and data are hosted on Google-protected servers and secured by Google Firebase authentication. No third party can access any information in your own protected space, and other users may only view your material if you specifically grant them access.
     

Encryption:

  • All files are encrypted at rest, and communications between servers and between server and client are always encrypted with TLS/SSL.

  • Communication between clients is always encrypted (SRTP/DTLS).

 

Safeguarding data:

  • All interactions with Spotterfish servers use SSL/HTTPS. All user data is encrypted using AES-256 encryption.

Invitations and Screening Room access:

  • Invitations to rooms are always personal, although the links themselves are not. Every user who enters Spotterfish will create or already have an account, but cannot enter a screening room or join a session unless admitted by a moderator of that room. It is therefore safe to pass a link in an email or calendar invite, since the link does not contain any passwords or special information.

  • If the user has been assigned a seat in a screening room provided in the invite link, they will be allowed to enter. If access has been revoked, they will be blocked.
     

  • Moderators of a screening room have full control of who is allowed in each room at any time, and only users who are currently invited to or have a seat in a screening room are allowed to enter it. If a moderator sends an invitation to a new user and then revokes that user's access to the screening room before the user clicks the link, the user will be able to register a new account but will not be able to enter the room. If a user is currently inside a screening room and access is revoked, they will be removed from the session immediately.

  • A file is always under the full control of its owner and can be viewed by other users only in the context of a screening room, where the owner, who is also a moderator of the room, has chosen to load the file for review. No users can download files: once uploaded, they can only be viewed from within the screening room.

Enterprise security features:

  • Level 2 (Optional)
    Requires 2-factor authentication and email verification: standard authentication plus a PIN code sent to the registered phone before entering the room. The user must have logged in recently (within the last 40 minutes) before entering the room.

  • Level 3 (Optional)
    Requires Level 2 plus a new PIN code (sent via mobile phone) each time a moderator switches which video is played back.

  • Level 4 (Optional)
    Customer-supplied encryption key. Shareable room links are disabled.

User logging:

  • When users sign up for Spotterfish, they consent to have their activities captured in a detailed audit log for admins to view. These audit logs are also available to our customers, giving them greater visibility into user activity on the platform. We use Google Analytics with custom events and log when a user enters and leaves a screening room. We also store information about markers dropped and chat messages sent.

Vulnerability testing:

  • Spotterfish regularly employs penetration testers for security scanning.